Adding IPv6 support to your EC2 instance.

In this blog post we will look into adding IPv6 support to you webapp published on AWS stack.
We will assume you are using an EC2 instance running Ubuntu Server 16 and Amazon Route 53 to publish your DNS records.
For simplicity we will assume your Amazon VPC (Virtual Private Cloud) has only a public-facing subnet.
For the web server we assume Nginx.

At the end you webapp should run dual-stack, supporting traffic both over IPv4 and IPv6.

Let’s begin with associating an IPv6 CIDR block with a VPC. Open the VPC console.
From the left navigation pane select Your VPCs.
In the table select the VPC your instance belongs to (you can check it’s id in EC2 console), click on Actions and select Edit CIDRs:

Choose Add IPv6 CIDR and after the IPv6 CIDR block has been added, choose Close:

For a public subnet, you must update the route table to enable your EC2 instance to use the internet gateway for IPv6 traffic.

Select Route Tables and select the route table that’s associated with your VPC.
On the Routes tab, choose Edit and Add another route (DO NOT edit an existing IPv4 route).
Specify ::/0 for Destination, select the internet gateway ID (you can check it here) of your VPC for Target, and then click on Save.

From the navigation pane, choose Security Groups and select one of the security groups your instance belongs to (you can check them in the EC2 console).
Typically you will need HTTP, HTTPS and SSH access rules to your instance, which means 3 groups.
Select or create one of them (for example a security group for HTTP access):

In the Inbound Rules tab, choose Edit.

For Type, select HTTP. For Source, enter ::/0.

If you’re just creating the group also add ipv4 entry with Type: HTTP and Source 0.0.0.0/0.

This is the complete entry you want there:

Repeat these steps creating or editing rules for HTTPS and SSH access per your needs.

Assuming your website is published at the nodrama.io domain you want that name to resolve to the correct IPv6 address of your instance, where in turn your web server can serve the content to the outside world.
Amazon Route 53 supports both forward (AAAA) and reverse (PTR) IPv6 records, moreover since recently the Route 53 service itself is available over IPv6.

Let’s confirm that our content is availiable via IPv6 using curl and forcing the GET request over IPv6.

NOTE:

To force IPv6 traffic you need a box with an IPv6 address assigned, which typically boils down to your ISP providing you with it, which is rare these days. Alternatively you can use another EC2 instance with IPv6 address, or as a last resort ping the box the same instance.
If you see: